Out of interest why do you want to do this ? domains could be easily spoofed anyway.

Actually, I wouldn't like to do this at all. Sometimes you just have to do what you're told to do. But we decided to use the firewall after all, so my question is no longer pressing.

I didn't find a way to configure Zimbra's tomcat to filter imap/imaps connections, so I did some research on proxy servers, and was about to try Delegate. I'm still interested in knowing if someone is filtering Zimbra imap connections with a reverse proxy.